git.squeep.com Git - akkoma/blob - docs/installation/otp_en.md

   1 # Installing on Linux using OTP releases
   2
   3 ## Pre-requisites
   4 * A machine running Linux with GNU (e.g. Debian, Ubuntu) or musl (e.g. Alpine) libc and `x86_64`, `aarch64` or `armv7l` CPU, you have root access to. If you are not sure if it's compatible see [Detecting flavour section](#detecting-flavour) below
   5 * A (sub)domain pointed to the machine
   6
   7 You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo su`/`su`.
   8
   9 While in theory OTP releases are possbile to install on any compatible machine, for the sake of simplicity this guide focuses only on Debian/Ubuntu and Alpine.
  10
  11 ### Detecting flavour
  12
  13 Paste the following into the shell:
  14 ```sh
  15 arch="$(uname -m)";if [ "$arch" = "x86_64" ];then arch="amd64";elif [ "$arch" = "armv7l" ];then arch="arm";elif [ "$arch" = "aarch64" ];then arch="arm64";else echo "Unsupported arch: $arch">&2;fi;if getconf GNU_LIBC_VERSION>/dev/null;then libc_postfix="";elif [ "$(ldd 2>&1|head -c 9)" = "musl libc" ];then libc_postfix="-musl";elif [ "$(find /lib/libc.musl*|wc -l)" ];then libc_postfix="-musl";else echo "Unsupported libc">&2;fi;echo "$arch$libc_postfix"
  16 ```
  17
  18 If your platform is supported the output will contain the flavour string, you will need it later. If not, this just means that we don't build releases for your platform, you can still try installing from source.
  19
  20 ### Installing the required packages
  21
  22 Other than things bundled in the OTP release Pleroma depends on:
  23
  24 * curl (to download the release build)
  25 * unzip (needed to unpack release builds)
  26 * ncurses (ERTS won't run without it)
  27 * PostgreSQL (also utilizes extensions in postgresql-contrib)
  28 * nginx (could be swapped with another reverse proxy but this guide covers only it)
  29 * certbot (for Let's Encrypt certificates, could be swapped with another ACME client, but this guide covers only it)
  30
  31 === "Alpine"
  32     ```
  33     echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories
  34     apk update
  35     apk add curl unzip ncurses postgresql postgresql-contrib nginx certbot
  36     ```
  37
  38 === "Debian/Ubuntu"
  39     ```
  40     apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot
  41     ```
  42
  43 ## Setup
  44 ### Configuring PostgreSQL
  45 #### (Optional) Installing RUM indexes
  46
  47 !!! warning
  48     It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions.
  49
  50 RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. You can read more about them on the [Configuration page](../configuration/cheatsheet.md#rum-indexing-for-full-text-search). They are completely optional and most of the time are not worth it, especially if you are running a single user instance (unless you absolutely need ordered search results).
  51
  52 === "Alpine"
  53     ```
  54     apk add git build-base postgresql-dev
  55     git clone https://github.com/postgrespro/rum /tmp/rum
  56     cd /tmp/rum
  57     make USE_PGXS=1
  58     make USE_PGXS=1 install
  59     cd
  60     rm -r /tmp/rum
  61     ```
  62
  63 === "Debian/Ubuntu"
  64     ```
  65     # Available only on Buster/19.04
  66     apt install postgresql-11-rum
  67     ```
  68
  69 #### (Optional) Performance configuration
  70 It is encouraged to check [Optimizing your PostgreSQL performance](../configuration/postgresql.md) document, for tips on PostgreSQL tuning.
  71
  72 === "Alpine"
  73     ```
  74     rc-service postgresql restart
  75     ```
  76
  77 === "Debian/Ubuntu"
  78     ```
  79     systemctl restart postgresql
  80     ```
  81
  82 If you are using PostgreSQL 12 or higher, add this to your Ecto database configuration
  83
  84 ```elixir
  85 prepare: :named,
  86 parameters: [
  87   plan_cache_mode: "force_custom_plan"
  88 ]
  89 ```
  90
  91 ### Installing Pleroma
  92 ```sh
  93 # Create a Pleroma user
  94 adduser --system --shell  /bin/false --home /opt/pleroma pleroma
  95
  96 # Set the flavour environment variable to the string you got in Detecting flavour section.
  97 # For example if the flavour is `amd64-musl` the command will be
  98 export FLAVOUR="amd64-musl"
  99
 100 # Clone the release build into a temporary directory and unpack it
 101 su pleroma -s $SHELL -lc "
 102 curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
 103 unzip /tmp/pleroma.zip -d /tmp/
 104 "
 105
 106 # Move the release to the home directory and delete temporary files
 107 su pleroma -s $SHELL -lc "
 108 mv /tmp/release/* /opt/pleroma
 109 rmdir /tmp/release
 110 rm /tmp/pleroma.zip
 111 "
 112 # Create uploads directory and set proper permissions (skip if planning to use a remote uploader)
 113 # Note: It does not have to be `/var/lib/pleroma/uploads`, the config generator will ask about the upload directory later
 114
 115 mkdir -p /var/lib/pleroma/uploads
 116 chown -R pleroma /var/lib/pleroma
 117
 118 # Create custom public files directory (custom emojis, frontend bundle overrides, robots.txt, etc.)
 119 # Note: It does not have to be `/var/lib/pleroma/static`, the config generator will ask about the custom public files directory later
 120 mkdir -p /var/lib/pleroma/static
 121 chown -R pleroma /var/lib/pleroma
 122
 123 # Create a config directory
 124 mkdir -p /etc/pleroma
 125 chown -R pleroma /etc/pleroma
 126
 127 # Run the config generator
 128 su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
 129
 130 # Create the postgres database
 131 su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
 132
 133 # Create the database schema
 134 su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
 135
 136 # If you have installed RUM indexes uncommend and run
 137 # su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate --migrations-path priv/repo/optional_migrations/rum_indexing/"
 138
 139 # Start the instance to verify that everything is working as expected
 140 su pleroma -s $SHELL -lc "./bin/pleroma daemon"
 141
 142 # Wait for about 20 seconds and query the instance endpoint, if it shows your uri, name and email correctly, you are configured correctly
 143 sleep 20 && curl http://localhost:4000/api/v1/instance
 144
 145 # Stop the instance
 146 su pleroma -s $SHELL -lc "./bin/pleroma stop"
 147 ```
 148
 149 ### Setting up nginx and getting Let's Encrypt SSL certificaties
 150
 151 #### Get a Let's Encrypt certificate
 152 ```sh
 153 certbot certonly --standalone --preferred-challenges http -d yourinstance.tld
 154 ```
 155
 156 #### Copy Pleroma nginx configuration to the nginx folder
 157
 158 The location of nginx configs is dependent on the distro
 159
 160 === "Alpine"
 161     ```
 162     cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/conf.d/pleroma.conf
 163     ```
 164
 165 === "Debian/Ubuntu"
 166     ```
 167     cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.conf
 168     ln -s /etc/nginx/sites-available/pleroma.conf /etc/nginx/sites-enabled/pleroma.conf
 169     ```
 170
 171 If your distro does not have either of those you can append `include /etc/nginx/pleroma.conf` to the end of the http section in /etc/nginx/nginx.conf and
 172 ```sh
 173 cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/pleroma.conf
 174 ```
 175
 176 #### Edit the nginx config
 177 ```sh
 178 # Replace example.tld with your (sub)domain
 179 $EDITOR path-to-nginx-config
 180
 181 # Verify that the config is valid
 182 nginx -t
 183 ```
 184 #### Start nginx
 185
 186 === "Alpine"
 187     ```
 188     rc-service nginx start
 189     ```
 190
 191 === "Debian/Ubuntu"
 192     ```
 193     systemctl start nginx
 194     ```
 195
 196 At this point if you open your (sub)domain in a browser you should see a 502 error, that's because Pleroma is not started yet.
 197
 198 ### Setting up a system service
 199
 200 === "Alpine"
 201     ```
 202     # Copy the service into a proper directory
 203     cp /opt/pleroma/installation/init.d/pleroma /etc/init.d/pleroma
 204
 205     # Start pleroma and enable it on boot
 206     rc-service pleroma start
 207     rc-update add pleroma
 208     ```
 209
 210 === "Debian/Ubuntu"
 211     ```
 212     # Copy the service into a proper directory
 213     cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
 214
 215     # Start pleroma and enable it on boot
 216     systemctl start pleroma
 217     systemctl enable pleroma
 218     ```
 219
 220 If everything worked, you should see Pleroma-FE when visiting your domain. If that didn't happen, try reviewing the installation steps, starting Pleroma in the foreground and seeing if there are any errrors.
 221
 222 Still doesn't work? Feel free to contact us on [#pleroma on freenode](https://irc.pleroma.social) or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>, you can also [file an issue on our Gitlab](https://git.pleroma.social/pleroma/pleroma-support/issues/new)
 223
 224 ## Post installation
 225
 226 ### Setting up auto-renew of the Let's Encrypt certificate
 227 ```sh
 228 # Create the directory for webroot challenges
 229 mkdir -p /var/lib/letsencrypt
 230
 231 # Uncomment the webroot method
 232 $EDITOR path-to-nginx-config
 233
 234 # Verify that the config is valid
 235 nginx -t
 236 ```
 237
 238 === "Alpine"
 239     ```
 240     # Restart nginx
 241     rc-service nginx restart
 242
 243     # Start the cron daemon and make it start on boot
 244     rc-service crond start
 245     rc-update add crond
 246
 247     # Ensure the webroot menthod and post hook is working
 248     certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'rc-service nginx reload'
 249
 250     # Add it to the daily cron
 251     echo '#!/bin/sh
 252     certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "rc-service nginx reload"
 253     ' > /etc/periodic/daily/renew-pleroma-cert
 254     chmod +x /etc/periodic/daily/renew-pleroma-cert
 255
 256     # If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert
 257     run-parts --test /etc/periodic/daily
 258     ```
 259
 260 === "Debian/Ubuntu"
 261     ```
 262     # Restart nginx
 263     systemctl restart nginx
 264
 265     # Ensure the webroot menthod and post hook is working
 266     certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'systemctl reload nginx'
 267
 268     # Add it to the daily cron
 269     echo '#!/bin/sh
 270     certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
 271     ' > /etc/cron.daily/renew-pleroma-cert
 272     chmod +x /etc/cron.daily/renew-pleroma-cert
 273
 274     # If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert
 275     run-parts --test /etc/cron.daily
 276     ```
 277
 278 ## Create your first user and set as admin
 279 ```sh
 280 cd /opt/pleroma/bin
 281 su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new joeuser joeuser@sld.tld --admin"
 282 ```
 283 This will create an account withe the username of 'joeuser' with the email address of joeuser@sld.tld, and set that user's account as an admin. This will result in a link that you can paste into the browser, which logs you in and enables you to set the password.
 284
 285 ## Further reading
 286
 287 {! backend/installation/further_reading.include !}
 288
 289 ## Questions
 290
 291 Questions about the installation or didn’t it work as it should be, ask in [#pleroma:matrix.org](https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org) or IRC Channel **#pleroma** on **Freenode**.
 292